All in Red Teams

Convincing new customers...

You have two types of prospective customers in the world of Red Teams: those that believe they need help and are willing to invest in proper security, and those that believe their security is the best but, since it's required by their oversight, will hire a security consultant to *try* to find security vulnerabilities.

The former are easy to convince that they need to perform different tests, including a physical penetration test. The latter... Well, those take some convincing.

I can show them presentations and hard data on why their security is lacking, but they are so confident that their security is good that they won't listen. In these cases I have to show them firsthand. I usually ask for permission to try to penetrate their building/network, but sometimes I do it first and then show them.

The last customer I had to convince authorized me to, quote: "try to bypass my security guards, I dare you...".

Checking your customers via open IP cameras

If you're in public, you're on camera. If you walk into a coffee shop, the owner gets you at the register. Visit a larger store, and chances are they have your face as soon as you cross the threshold. At least one or two of your neighbors catch you on camera when you walk around your neighborhood, and many cities monitor traffic using red light cameras at major intersections. The question is no longer whether you're on camera, but rather how many different angles you were caught on while going about your day.

With so much monitoring taking place, and with surveillance systems gaining more online functionality every year, it's natural that securing these systems would become... complicated. And that many are secured incorrectly or not at all. Because so many cameras and surveillance systems are completely open, it's possible for anyone with Internet access to watch literally thousands of cameras online using only Google and a kindergartener's understanding of the 'Net. With a little time and patience, almost any given system, from a set of residential cameras to those used by your local police, can be accessed, viewed, and even reset if not properly secured. Of course, if you can do this, it means that anyone can do it. Feel safer yet?

Based on experience, people think adversaries (they call them hackers) always find vulnerabilities (in networks, applications, protocols, etc.) and write or use exploits in order to gain access to their targets.

While to some extent this might be true, a lot of attackers use other techniques to gain that initial way in. Social engineering is a great way to convince someone to download and open a *weaponized* document or binary file and infect him or her with a piece of malware that will allow the attacker to remotely access the system.

Social engineering doesn't necessarily mean calling or emailing the target. Sometimes sending a bunch of *product samples* might do the trick. For example, sending cheap USB flash drives or leaving them at the reception of your target can do wonderful things. Have the USB point to a malicious binary that will be automatically run when inserted into a computer, or have a seemingly harmless PDF file called something along the lines of "Get more free samples.pdf" outfitted with some malware, and you now have access to the system, remotely.

On a rather interesting project, I spent an hour trying to convince the assistant of a CEO (the AA) I was targeting to open a PDF that contained important information that I needed the CEO to consider. It was important to me that she open it while I was on the phone because I needed to verify that I had a connection to their network via the code I embedded in the weaponized PDF.

She wouldn't have it. She kept on saying that she would open it later when she was free. Not good. Eventually she got tired of me (I was using every trick in the book to convince her!) and she said: "Fine! I'll open it."

Hacking techniques (I hate the *ethical hacking* name) can be used for more than penetration testing and red team assessments. On one occasion, my team helped a law enforcement agency collect information that led to the capture of a criminal.

The owner of a company contacted the authorities about a former employee who took with him very sensitive and valuable proprietary information. They had some proof of it and were hoping the authorities could help locate and acquire the proof he needed to take this person to court.

After a few months of not going anywhere, the company contacted us to see whether we could help the law enforcement officials locate and track the former employee (I'll refer to him as Bob). We were given all the information, including some really nice open source intelligence collected by the good guys. Two pieces of information gave us a good lead: Bob's personal email and his social media information.

One project I was involved in early on was the testing of the customer's digital quick reaction force (QRF). This group of security and IT professionals was supposed to be at the ready in cases where the organization's networks or systems were being compromised.

Usually the best way in would be a social engineering attack, where we would send the target an email with a weaponized document or a link to a site with code that can exploit different vulnerabilities in their browsers. This time, however, we also wanted to see how good their security hardening practices were, how their perimeter was set up, and whether they were monitoring the different network devices at all.